Anaplan is issuing a new Anaplan certificate on December 8, 2018. You will need to take action based on the integration client and authentication method you are using:
|Anaplan Connect 220.127.116.11 or lower||Anaplan Certificate||Yes|
|Anaplan Connect 1.4||CA Certificate||No|
|Informatica Anaplan Connector||Anaplan Certificate||Yes|
|Informatica Anaplan Connector||CA Certificate||No|
|Mulesoft 2.x||CA Certificate||No|
|SnapLogic 1.x||Anaplan Certificate||Yes|
|Boomi x.x||Basic Authentication||No|
|Tableau 1.0||Anaplan Certificate||Yes|
|Any client||Basic Authentication||No|
If your integration client and authentication method has a "Yes" in the "Action Required" column, then you must take action on December 8 to prevent disruption to your integrations.
Note that web login, web SSO, and basic authentication to integrations are not impacted by this event.
This FAQ covers the following topics:
Anaplan is issuing a new certificate used for integrations on December 8, 2018.
This new certificate is intended to be used for existing clients on the legacy certificate authentication (such as Anaplan Connect 18.104.22.168). This certificate will not work on clients using the CA certificates (such as Anaplan Connect 1.4). Customers will now have two options to continue using certificate authentication with integrations:
Although customers will now have two options to choose from, Anaplan recommends that customers update their integration clients to a version that supports Certificate Authentication 2.0, which uses a CA certificate.
The current Anaplan certificate used by some customers for their integrations is set to expire in December. Customers who are impacted have been updating their clients to use CA certificates. However, we have received feedback that customers need more time to complete these updates and wanted to continue to use their existing clients. In order to support the existing clients, Anaplan will be issuing a new certificate on December 8, 2018 which can be used for certificate authentication. The benefit of this option is that customers can continue to use their existing clients and will have more time to update their clients to use CA certificates after December 2018.
See the Update to Integration Certificate Expiration blog post for information on impact and any steps to take.
No, the expiration date for a certificate cannot be changed. However, you can download a new Anaplan-issued certificate with a 1-year expiration date following the maintenance window on December 8, 2018, and use that with your existing integration client.
Assuming that you are using a supported integration client, complete the following steps on December 8:
As the Anaplan platform evolves, we are always looking to provide our customers with more features and ways to integrate with Anaplan. The new Anaplan APIs and integration connectors leverage Certificate Authority (CA) -issued certificates. CA authentication offers a certificate hierarchy known as the "chain of trust" that enables you to verify the validity of a certificate issuer. This aligns with industry standards and provides a higher level of security for Anaplan customers.
The following links will guide you through the procurement and registration of CA-issued certificates in Anaplan:
CA certificates align with industry standards and provide a higher level of security for Anaplan customers. For more information, see Administration: Security - Certificates in Anapedia.
You can obtain a CA certificate from your internal intermediary CA or purchase certificates from a Certificate Authority. If you have an intermediate CA, you can issue the certificate yourself. Your IT team can advise on your internal processes for obtaining certificates based on an intermediate CA.
The current Anaplan Production REST API version is v1.3. v2.0 of the Integration API has recently been released. Authentication mechanisms with both API versions are:
NOTE: Both API versions support Basic Authentication.
Anaplan Integration clients use one or both APIs. For more information on available integrations, see the Update to Integration Certificate Expiration blog post.
More information about the v2.0 Integration API can be found here: https://anaplanbulkapi20.docs.apiary.io
If you want to continue with existing Integration clients or custom integrations, you must switch over to Basic Auth for authentication or download a new certificate on December 8, 2018. With Basic Auth, you will use a user ID and password in your integrations instead of Anaplan Certificates.
You can continue to use your existing integrations with certificate authentication if you download a new Anaplan certificate on December 8, 2018. However, we are encouraging customers to migrate to a new client that supports CA certificates as that is our intended certificate authentication method.
If you are using Basic Auth (user ID and password) in AC 1.3.x.x. scripts, you can continue to do so. You can upgrade to AC 1.4, at your convenience.
If you are using Anaplan certificates for authentication, you can download a new certificate on December 8, 2018. You can keep both AC 1.3.x.x and AC 1.4 installed at the same time, and migrate your integration scripts one-by-one to AC 1.4.
AC 1.4 supports authentication with CA Certificates and Basic Auth. Existing Anaplan Certificates (downloaded from Anaplan UI) are not compatible with AC 1.4. Please review this blog post for steps to port AC 1.3.x.x Integration scripts to AC 1.4: https://community.anaplan.com/t5/Knowledge-Base/Migrating-from-Anaplan-Connect-1-3-x-x-to-Anaplan-Co...
You can take the Anaplan Connect online training from Anaplan Academy: https://community.anaplan.com/t5/Academy-Classes/Data-Related-Training-Classes/ta-p/19566
If you are using Anaplan Connect 1.3.x.x. Integrations with Anaplan certificates, you can update the certificates by editing your Integration script files.
In this example, the previous certificate is: certificate-123456789.cer. The new certificate is: certificate-new4567890.cer. The destination folder where the certificates are placed is: C:\anaplan-connect-1-3-3-5
As an alternative, you can also rename your new certificate to use the same name as your old certificate and avoid the need to update your Anaplan Connect 1.3.x.x. scripts.
In this example, the old certificate is certificate-123456789.cer and the new certificate is certificate-new4567890.cer.
You can find the Anaplan Connect 22.214.171.124 user guide here.
You can refer to following sources for information on creating JAVA keystore for use with Anaplan Connect v1.4:
Additionally, you can refer to the full Anaplan Connect online training at Anaplan Academy: https://community.anaplan.com/t5/Academy-Classes/Data-Related-Training-Classes/ta-p/19566
No. There is no impact on Anaplan Single Sign-on (SSO). The impact is only on the Anaplan data Integration API and Integration connector authentication.
Accessing Anaplan via a browser with standard login or with SSO is not impacted by this change. The certificate used in SSO is unrelated to the certificates used for integration certificate authentication.
Customers who are configured to use SSO have two options to authenticate their integrations with Anaplan:
Please post your questions in the Forum. Alternatively, you can contact your Anaplan Customer Success (CS) Business Partner.